<?php //

require_once dirname(__FILE__).'/class/functions.php';
require_once dirname(__FILE__).'/class/user.class.php';

// Open a session only when none is active yet, so the $_SESSION reads
// further down have data to work with.
$a = session_id();
if (empty($a)) {
    session_start();
}

// Both helpers are defined outside this file.
// NOTE(review): mysql_safer() presumably escapes request input for SQL; confirm exactly
// what it covers, because the queries below depend on it.
$logat = is_logat();
mysql_safer();

// State filled in by the action handlers and rendered by the template at the bottom.
$show    = '';   // status markup shown above the form
$articol = '';   // article body for the textarea
$titlu   = '';   // article title for the text input
$adm     = 0;    // set to 1 once the session is confirmed to belong to an admin

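// Authorisation gate: anonymous visitors and non-admin accounts stop here,
// so everything after this block runs with $adm = 1.
if ($logat == 0) {
    die("Nu v-ati logat");
}

// Strict comparison on purpose: with `==`, PHP 5 type juggling treats a non-string
// session value such as 0 or true as equal to "admin", which would wave a
// non-admin session through this check.
if (!isset($_SESSION['logat']) || $_SESSION['logat'] !== "admin") {
    die("Interzis utilizatorilor normali!(Nu aveti drepturi!)");
}

// NOTE(review): unserialize() rebuilds whatever object the stored payload describes, so
// this is only as trustworthy as the session store itself. Keeping just the user id in
// the session and reloading the record would remove object deserialisation from this path.
$user = unserialize($_SESSION['userc']);
$adm = 1;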

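// Action dispatcher for the admin news editor: "show" loads an article into the form,
// "add" replaces (or creates) the article with the posted data, "delete" removes it.
if (isset($_GET['action'])) {
    // strcmp() returns NULL instead of an int when it is handed an array, and !NULL is
    // true, so a request with ?action[]=x used to satisfy every branch below at once.
    // Accept only a real string and compare it strictly.
    $action = is_string($_GET['action']) ? $_GET['action'] : '';

    if ($action === 'show' && isset($_GET['id'])) {
        // intval() guarantees $nr is an integer, so concatenating it is injection-safe.
        $nr = intval($_GET['id']);
        $sql_cauta = "SELECT news.TITLU,news.CONTINUT,news.DATA,utilizatori.username FROM news INNER JOIN utilizatori ON utilizatori.ID=news.UID WHERE news.NID='".$nr."'";
        $rezultat = $db->q($sql_cauta);
        if (!$rezultat) {
            // Reached only when the query itself fails; an empty result set prints nothing.
            $show .= "N-am gasit nimic!  :( .";
        } else {
            while ($row = mysql_fetch_array($rezultat)) {
                $titlu   = $row[0];
                $articol = $row[1];
                $data    = $row[2];
                $autor   = $row[3];
            }
        }
    }

    if ($action === 'add' && $adm) {
        // Missing or non-string fields end in the same "invalid data" exit as before,
        // without the undefined-index / strlen() warnings on the way there.
        if (!isset($_POST['titlu'], $_POST['continut'])
            || !is_string($_POST['titlu'])
            || !is_string($_POST['continut'])
            || strlen($_POST['titlu']) < 5
            || strlen($_POST['continut']) < 5
        ) {
            die("Date Invalide!");
        }

        // A missing id becomes 0, exactly as intval() of the undefined index did.
        $nr = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $user = unserialize($_SESSION['userc']);

        // The pattern is the literal four characters \r\n, not a CR/LF pair, which
        // suggests the POST data was already escaped earlier in the request - TODO confirm.
        $_POST['continut'] = str_replace("\\r\\n", "<br>", $_POST['continut']);

        // NOTE(review): titlu and continut are concatenated straight into the INSERT, so
        // injection safety rests entirely on the mysql_safer() call at the top of the
        // script. Confirm that it escapes $_POST for this connection's charset, or move
        // to prepared statements (PDO/mysqli) to remove that dependency. The body is also
        // stored as raw HTML, so every page that prints it must treat it as untrusted.
        // The delete/insert pair is not wrapped in a transaction. The posted "ltitlu"
        // field is not read.
        $query = "DELETE FROM news WHERE NID='".$nr."'";
        $db->q($query);
        $query = "INSERT INTO `news` (`NID`, `TITLU`, `CONTINUT`, `UID`, `DATA`) VALUES ('".$nr."',  '".$_POST['titlu']."', '".$_POST['continut']."', '$user->id', '".date("Y-m-d", time())."')";
        $db->q($query);

        $show = "<p> Articolul a fost publicat! </p> <br />";
        $titlu = $_POST['titlu'];
        $articol = $_POST['continut'];
    }

    // Deleting changes state, and the form that triggers it submits with POST, so a plain
    // GET (a followed link, an embedded image URL) must not be enough to remove an article.
    // NOTE(review): POST-only narrows the cross-site request forgery exposure but does not
    // close it; add and delete still need a per-session anti-CSRF token.
    if ($action === 'delete'
        && $adm
        && isset($_SERVER['REQUEST_METHOD'])
        && $_SERVER['REQUEST_METHOD'] === 'POST'
    ) {
        $nr = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $query = "DELETE FROM news WHERE NID='".$nr."'";
        $db->q($query);
        $show .= "<p> Articol sters!</p>";
    }
}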

?>


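<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <link rel="icon" href="favicon.jpg" type="image/gif" sizes="16x16" /> 
        <?php
          // Full "<?php" tags throughout this section: with short_open_tag disabled, a bare
          // "<?" block is not executed and its source is sent to the browser as text.
          // $path is not set anywhere in this file.
        ?>
        <link rel="stylesheet" type="text/css" href="<?php echo $path; ?>style/style.css" />
        <title>Noutati</title>
    </head>
<body>
    <?php
      what_header();
      footer(1);
    ?>
        <div id="content">
            <div id="content_inside">
                    <div id="content_inside_sidebar">
                        <ul>
                            <li><a href ="<?php echo $path; ?>index.php"> Home</a><br /></li>
                            <li><a href ="<?php echo $path; ?>boss/admin.php"> Panou Principal</a><br /></li>
                            <li><a href ="<?php echo $path; ?>p_news.php"> Noutati</a><br /></li>  
                            <li><a href ="<?php echo $path; ?>p_rezervari.php"> Rezervari</a><br /></li>
                            <li><a href ="<?php echo $path; ?>p_downloads.php"> Downloads</a><br /></li>                   
                                           
                         </ul>
                                 
                    </div>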
            <div id="content_inside_main">
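                <?php
                  // $show only ever holds markup assembled by this script, so it is printed as-is.
                  echo $show;

                  // Everything else below comes from the request or the database and used to be
                  // echoed raw into attributes and the textarea. A quote or a closing tag in any
                  // of these values could break out of the markup and inject script into this
                  // admin page, so each value is encoded for its HTML context first.
                  // The id is only ever used as an integer, so it is reduced to one here;
                  // a missing id still renders as an empty value.
                  $id_attr      = isset($_GET['id']) ? (string) intval($_GET['id']) : '';
                  $titlu_html   = htmlspecialchars($titlu, ENT_QUOTES, 'UTF-8');
                  // Inside <textarea> the browser decodes entities back to text, so the editor
                  // still shows the stored content, including any literal <br>.
                  $articol_html = htmlspecialchars($articol, ENT_QUOTES, 'UTF-8');

                  // NOTE(review): both forms change state and carry no anti-CSRF token; add a
                  // per-session token as a hidden field and verify it in the add/delete handlers.
                ?>
                <form method="post" action="news_show.php?action=add&id=<?php echo $id_attr; ?>" class="news_form">
                    <input type ="text" name="titlu" value="<?php echo $titlu_html; ?>" class="news_elem"><br>
                    <input type ="hidden" name="ltitlu" value="<?php echo $titlu_html; ?>" class="news_elem"><br>
                    <textarea name="continut" class="news_elem" rows="30"><?php echo $articol_html; ?> </textarea><br>
                    <input type="submit" value="Posteaza!"><br>
                   
                </form>    
                <?php if ($adm) { ?>
                <form method="post" action="news_show.php?action=delete&id=<?php echo $id_attr; ?>" class="news_form">
                    <input type="submit" value="Sterge!" style='float:right;'><br>
                </form>        
                                 
                <?php } ?>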
            </div>
            </div>
            
        </div>

</body>

<? //  echo " path = " . $path; 
?>
</html>